Logfile of HijackThis v1.99.1
Scan saved at 14:11:52, on 2006-1-16
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Rundll32.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\FarStone\Vdn\VDTask.exe
C:\WINNT\vcdplayx.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.485\HijackTh

is.exe

O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}

- C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish -

{38928D50-8A48-44C2-945F-D2F23F771410} -

C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 -

{406F94F0-504F-4a40-8DFD-58B0666ABEBD} -

C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: VnetCookie Class -

{4E83D567-4697-4F7B-B1F0-A513B01DB89A} -

c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} -

C:\WINNT\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: 一搜工具条 -

{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program

Files\yisou\yisou.dll
O3 - Toolbar: 雅虎助手 -

{406F94F0-504F-4a40-8DFD-58B0666ABEBD} -

C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe

C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe

/logon
O4 - HKLM\..\Run: [helper.dll]

C:\WINNT\system32\rundll32.exe

C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YLive.exe]

C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse]

"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [Update] rem C:\Program Files\Common

Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe
O4 - HKLM\..\Run: [SVCHOST] rem C:\Program Files\sfx

software\SVCHOST.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program

Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program

Files\FarStone\Vdn\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINNT\vcdplayx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program

Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [internat.exe] internat.exe
O8 - Extra context menu item: !搜一搜 - res://C:\Program

Files\yisou\yisou.dll/232
O9 - Extra button: 手机短信 -

{00000000-0000-0001-0001-596BAEDD1289} -

http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G电邮 -

{507F9113-CD77-4866-BA92-0E86DA3D0B97} -

http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 -

{59BC54A2-56B3-44a0-93E5-432D58746E26} -

http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 -

{5D73EE86-05F1-49ed-B850-E423120EC338} -

http://assistant.3721.com/index.htm?fb=Cns (file

missing)
O9 - Extra button: Related -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINNT\web\related.htm
O9 - Extra button: 情景聊天 -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?htt

p://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) -

{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -

http://assistant.3721.com/security1.htm?fb=Cns (file

missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 -

{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -

http://assistant.3721.com/security1.htm?fb=Cns (file

missing)
O9 - Extra button: (no name) -

{FD00D911-7529-4084-9946-A29F1BDF4FE5} -

http://assistant.3721.com/clean1.htm?fb=Cns (file

missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 -

{FD00D911-7529-4084-9946-A29F1BDF4FE5} -

http://assistant.3721.com/clean1.htm?fb=Cns (file

missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {7A97B026-F3BB-49F6-BEAC-75021AD45B4E}

(SLAProbe Control) -

http://xnjc.jsinfo.net:81/sla/SLAProbe/SLAProbe.ocx
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D}

(Ravonline) -

http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{14504616-6446-4001-B0

59-8D563C373064}: NameServer = 61.147.37.1 61.177.7.1
O17 -

HKLM\System\CCS\Services\Tcpip\..\{A724C828-76B1-40DD-B4

FA-0B8AA4DA1F99}: NameServer = 202.102.192.68
O17 -

HKLM\System\CS1\Services\Tcpip\..\{14504616-6446-4001-B0

59-8D563C373064}: NameServer = 61.147.37.1 61.177.7.1
O20 - Winlogon Notify: igfxcui -

C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative

Service (dmadmin) - VERITAS Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Process Communication Center

(RsCCenter) - Beijing Rising Technology Co., Ltd. -

C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing

Rising Technology Co., Ltd. - C:\Program

Files\Rising\Rav\Ravmond.exe

安全模式下，修复
O4 - HKLM\..\Run: [Update] rem C:\Program Files\Common Files\UPDATE\Update.exe
O4 - HKLM\..\Run: [res] C:\WINNT\system32\res.exe
O4 - HKLM\..\Run: [SVCHOST] rem C:\Program Files\sfx software\SVCHOST.exe

删除
C:\Program Files\Common Files\UPDATE\整个目录
C:\WINNT\system32\res.exe